Tag: IT security

Recent news has been full of high-profile IT security breaches such as the theft of customer data from British Airways, but I have to remind smaller businesses that they are not ‘flying under the radar’ of attackers when it comes to being vulnerable.

According to a recent study from the insurance firm Hiscox, 47% of small businesses surveyed in the US, UK, and Europe had suffered at least one cyber attack during the past 12 months. Contrast this with the fact that 51% of SMBs don’t see themselves as a target (Switchfast survey). Does anyone else see the problem?

Switchfast’s conclusion is “the actions of small business employees and leaders reveal little is actually being done to address the lax attitude toward security. Negligent employees are the number one cause of data breaches at small businesses.”

What sort of negligence is Switchfast referring to? Firewall vendor Fortinet put their finger on it when they reported their monitoring shows that cybercriminals are only exploiting 5.7% of known vulnerabilities. So the conclusion is that SMBs simply aren’t applying published fixes and updates in a timely fashion. By taking this fundamental step, SMBs could go a long way toward protecting themselves from a cyber attack.

So why don’t SMBs do a better job with updates and patches? Those that manage this themselves tend to forget about it or perhaps only try to ‘do something’ on a 6-month or yearly basis. Or they miss less obvious updates such as those needed for firewalls, routers, switches, and wireless access points.

What’s a good strategy? Find an IT partner with the automation tools to handle this for you. Regardless of whether you have an internal IT resource or you do it yourself, modern automation tools such as those provided by MicroData’s Managed Services can eliminate concerns about patching, monitoring, and many cyber security threats – and for pennies a day.


The details are continuing to emerge – and get worse – about the hack of British Airways. In September it was revealed that for over two weeks, hackers stole over 385,000 customer data records, which included full name and address info and complete credit card data including CVV numbers (for 77,000 of the users), from the BA website and mobile app.

A follow-up notice published by BA’s parent, International Airlines Group, on Thursday last week admitted that passengers who made bookings between April and July using rewards points were also snooped on by the cybercriminals.

What’s the takeaway? As usual, we recommend that it’s important to have Dark Web monitoring in place for your entire organization so that you can watch for these stolen credentials to appear for sale. Personal monitoring is also important so make sure you’re using a reputable product like our Spotlight ID.

And if you’ve flown British Airways recently make sure you change those account credentials, get a replacement for whatever card you used for reservations, and if you used the same credentials at any other site, make sure you change all those passwords, too.

Over the weekend a massive IoT attack on unpatched Netgear DGN series routers was observed, so if you have one or more of these devices and you haven’t updated it recently, you need to act ASAP.

The attacks have been primarily observed in the United States and India but have been reported in 75 other countries, too.

The attacks are completely automated: they scan the Internet for the devices and, once one is found, exploit a vulnerability to take control of the router and use it as a bot or for cryptocurrency mining.

Netgear has released firmware updates that fix the vulnerability for all affected products, but user action is required to apply the fixes. Specifically, you need to upgrade the Netgear software to DGN1000 1.1.00.48 / DGN2200 v3 or higher. Updates are available at the Netgear download center.

Need a hand with network security? Give us a call at 978.921.0990 or visit us on the web.


Stop me if you’ve heard this one before. Facebook today announced that 50 million user accounts were ‘impacted’ by a security breach that potentially allows an attacker to take over an account.

Apparently the issue was caused by a flaw in Facebook’s ‘View As’ feature that lets you see what your profile looks like from the perspective of other users in the system.

Facebook has reported that they have fixed the flaw and deleted access tokens that allow users to access Facebook without logging in each time from the same machine. This means about 90 million users will be prompted to log in from any device they use at their next access.

And while you don’t have to change your password as it wasn’t directly exposed, it might not be a bad idea – especially if you haven’t changed it lately.


As I’ve mentioned before, hacking is big business. Whether stealing intellectual property, extorting companies for a ransom, infecting systems to be used for spam or covert mining, or just outright stealing cash, cybercriminals want what you’ve got.

Here at MicroData we manage many systems, and I wanted to share some stats from a server we manage that readers may find interesting. The server in question hosts websites. In addition to the usual security measures we put in place on any Internet-facing server, we also install software that monitors login attempts; if too many failed attempts are made within a given time period, the IP address trying to log in gets blocked. The address – and its general geographic location – also gets logged.

So over the past 30 days, here’s the Top-5 list of countries where those hack attempts originated:

China (792)
USA (766)
Brazil (480)
India (355)
Russian Federation (205)

Seeing China and Russia on the list probably doesn’t surprise anyone, but having almost as many hack attempts from within the U.S. as from China usually does cause an eyebrow to rise. And most people are surprised that Brazil and India are so active in trying to access systems. They are almost never mentioned in popular press.

There are a couple of takeaways.

First, understand that these are automated attempts. It’s not personal so don’t think about it in that way. There is no human sitting at a keyboard trying different password combinations. The defenses your organization needs to have in place must protect against continuous, 24×7 attempts to get at your systems, data, and users.

Second, you need to be extra concerned if any of your users’ credentials are on the Dark Web where they can simply be purchased. Hackers and their automated systems will endlessly try those credentials and thousands of variations. So a password change from ‘lollipop1’ to ‘lollipop2’ is almost useless – but it’s still what most users do. This is why, even if hackers only get an old password, they will often be successful in gaining access to a network or system.

Make sure you have a Dark Web monitoring solution in place like MicroData’s Dark Web Guardian. We now offer a small business package for organizations with up to 15 users for just $49.


A new scam making the rounds has cybercriminals trying to extort money from netizens by threatening to leak a video to friends and family of their marks watching X-rated videos. Here’s how it works.

A user gets an email from a crook who claims to have obtained, through hacking their computer, compromising webcam footage of them watching an adult website. In reality, the user’s computer wasn’t hacked but rather the cybercriminal has simply purchased some passwords and email addresses on the Dark Web that likely originated on a hacked forum or site that the individual may frequent. Think a hobby or club-type forum.

The attacker’s message claims that they have obtained all the user’s contacts, including co-workers, friends, and family. And the clincher is that the extortion message shows the user’s actual password in an attempt to convince the reader that they need to pay up – or else.

The cybercriminal is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one compromised password and is hoping for a quick payout.

If you receive this email, don’t panic and don’t send them any Bitcoin. There most likely isn’t any video. Change your password, don’t reuse any passwords that you use for important sites, and consider using two-factor authentication and a password manager to keep your accounts secure going forward.

And if you’re a company exec or IT pro, make sure your organization is monitoring the Dark Web for ID account compromises. That’s where cybercriminals are purchasing credentials for scams like this. Check out our Dark Web Guardian service that provides 24×7 monitoring for these types of compromises – 50% off a new 1-year subscription when purchased by August 31.


I was pleased to contribute to a story by bonpay’s Jegor Nagel on cryptocurrency 51% attacks and the risks they present. If you hold any crypto it’s worth understanding what a 51% attack is and why the blockchain is so inherently secure.


Unfortunately, most people that say this have little basis for the belief. The reality is that without monitoring it’s almost certain that some of your employees’ credentials are available for sale – or for free – out on the Dark Web and you’ll not know it. In 2017 we found 92% of organizations tested had compromises.

Here’s an example. I recently ran a quick scan on our local school system. I stopped the report after the first 190 compromises were found. And the report showed concerning details like failure to have implemented a complex password policy, setting a reasonable password depth, exposed Personally Identifiable Information (PII), etc.

Having the best firewalls and monitoring solutions in the world is useless if a cybercriminal has someone’s account info and password and just logs in.

I’m offering to help you find out at no cost or obligation. Visit this link and fill in your information and we’ll run a Dark Web scan for your domain at no cost and with no obligation. We’ll even give you a copy of our MicroData Dark Web Scan Action Guide that provides detailed recommendations on what to do if compromises are found.


A recent poll by Broadband Genie, a UK Internet Service provider (ISP), found that the vast majority of users – including some small businesses – have never changed the default administrator password on their router, thereby leaving themselves wide open for all sorts of cybercrime mayhem.

The survey also found that 52% had never changed the network name, updated the firmware, or checked to see what devices are on their network.

And 48% said they didn’t understand why they would need to make these changes.

If your small business is simply using the router/modem supplied by your ISP (not a good idea), make sure you get these items taken care of ASAP. And regularly review your router’s logs for suspicious activity. And if you don’t know how or why, contact us for some help.


If you’re looking for good examples of safe cyber security policy, take note of IBM’s recent actions.

In an advisory to employees, IBM Global Chief Information Security Officer Shamla Naidoo said that the company is “expanding the practice of prohibiting data transfer to all removable portable storage devices.” This will include USB drives, SD cards, flash drives, etc.

Why are they taking this step? According to Naidoo, “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.” Or in other words, it’s just not worth the risk.

IBM will have employees use its own synchronization application service for moving data around.

The takeaway for your business? Only let your employees use approved removable storage devices that are trackable and managed, and don’t permit use of non-secure and unmanageable Cloud storage services.

Every MicroData Managed Service Plan includes our exclusive Ransomware Guardian™ – a suite of cybersecurity tools with functionality that includes limiting and managing removable storage and restricting the use of Cloud-based file sharing services. And our SecureCloud Sync service provides Cloud-based file sharing but without the risks inherent in consumer-grade solutions like DropBox™ or OneDrive™.


Equifax has released more info about the data stolen by the hacks in 2017 and it’s pretty grim. According to a letter Equifax submitted to the SEC on Monday, here are the numbers of actual compromises:

146.6 million names
146.6 million dates of birth
145.5 million Social Security Numbers
99 million addresses
27.3 million gender
20.3 million phone numbers
17.6 million driver’s license numbers
1.8 million email addresses (without credentials)
209,000 credit card numbers and expiration dates
97,500 tax ID numbers

And the following government-issued IDs:

38,000 driver’s license numbers
12,000 Social Security or Taxpayer ID cards
3,200 passports or passport cards

What’s the takeaway? You really need to be monitoring your personal credit info. And we don’t recommend LifeLock™ as ironically they use Equifax for monitoring. Take a look at SpotLight ID which I personally use and we recommend to our customers. SpotLight ID provides more comprehensive protection plus it’s about 1/3 less expensive than LifeLock.


A vulnerability was discovered at Panera Bread in August of 2017 and was finally acknowledged by the company on April 3 of this year. Compromised data includes names, emails, physical addresses, birthdays and the last four digits of the customer’s credit card number. “There is no evidence of payment card information nor a large number of records being accessed or retrieved,” Panera Chief Information Officer John Meister wrote in an emailed statement.

The data was obtained through a website vulnerability that has now been reported as corrected.

The bad news here is that data was leaked for 8 months after a security researcher contacted Panera in August 2017 with details of the exploit.

The actual fix was a patch to the website that took 1 hour to deploy.

While Panera has talked about “[not] a large number of records” being affected, they have apparently identified 10,000 customers who likely did have their information exposed. Other reports suggest as many as 37 million accounts may have been exposed.

This is another good reason why your company should have a Dark Web monitoring solution like MicroData’s Dark Web Guardian in place. You may never know exactly what credentials and PII have been compromised in any given breach. And some compromises may never be reported, so your business needs to aggressively be checking for compromises.

And tell your users that if they previously set up and used an online Panera Bread account, to be safe they should change their password at the site and any other place where they may have used the same email/password credentials.

And of course, remind your employees to never use their corporate email address and password for account registration with other businesses/social media sites/entities.

Orbitz is currently working to notify the thousands of affected customers and plans to offer one year of free credit monitoring and identity protection service. Affected individuals should proactively monitor their personal data for misuse.


There are many factors to consider when buying a cell phone, and now we can add espionage to the list of risks to consider before making a purchase.

China-based Huawei has been trying to make inroads into the U.S. market for a while now and has been selling unlocked phones online and through some retail outlets such as Walmart, Amazon, and Best Buy. They were also recently close to an agreement with AT&T stores for selling their phones, but the deal fell apart at the 11th hour.

Now the heads of six U.S. intelligence agencies have warned consumers to avoid the brand due to what are considered security threats. Heads of the FBI, CIA, and NSA are telling Americans that the phones can “maliciously modify or steal information” and also “conduct undetected espionage”.

But with the Huawei flagship Mate 10 selling around $600, there are plenty of other choices out there without the risk. A favorite of mine which is still available is the Samsung S7.

Does your company need help with Mobile technology and security? Contact us for immediate assistance.


In our October 2017 MicroOutlook, I wrote about the risks of the Internet of Things (IoT) and the accompanying management challenges to keep your organization safe. Here’s a fresh example.

This week news came out about an unexpected side effect of many popular Strava-enabled fitness trackers. These devices interface to your smartphone and compile activity data and give you all sorts of reporting. Sounds good, right? Except the latest version includes a heat map which gets uploaded to the manufacturer who makes it available on the Internet. And it shows the aggregated routes of all its users. Social media users quickly realized that this info could be used to figure out where Western military camps in the Middle East are located. Fitness conscious soldiers jogging about the bases’ perimeters were building up nice neat traces on the heat maps over time.

Remember, IoT presents many security challenges. You can’t simply say ‘It’s just a temperature sensor’ or ‘it’s just a fitness tracker’. Any device that gathers data and connects to either the Internet or a network has to be scrutinized before it’s deployed. And you have to monitor your network to make sure employees aren’t bringing in their own devices and attaching them to computers or data jacks.

If your organization needs help with managing IoT or security, contact us for assistance.


For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, other identity theft cases, and even class-action lawsuits against the company.

The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information either by replying to the phishing email, by sending the information to another email address, or to upload it to a server owned by the bad guys.

In many instances, the request for the information appears to be urgent, which pressures the employee to act quickly. These spoofed messages can be very convincing. The emails carry the executive’s email address and often contain the executive’s actual signature block, which makes the employee believe that the email is authentic.

So remind your employees to think before they click. And consider some Security Awareness Training for your business. It’s the proven, effective way to significantly reduce employee susceptibility to phishing attacks. Contact us if you’re looking for help in improving IT Security at your business.


A few days ago I wrote about the Spectre and Meltdown CPU vulnerabilities and immediate recommended steps to take to mitigate the security problems created by these hardware bugs. Microsoft has already released some updates for the vulnerabilities along with their regular group of monthly patches, but some actions on your part may be required in order to successfully deploy these fixes.

Specifically, Microsoft is changing how they release updates. They will now check for a setting on each computer that will verify compatibility of the installed antivirus software with the operating system and to-be-installed patch. This is necessary because without this setting the antivirus software will block needed updates causing them to fail. Because the update is being blocked by the antivirus software, it’s up to the AV manufacturer to make sure this setting is present and correct.

Actions to Take: Expect antivirus manufacturers to start releasing updates to their products to take care of this issue. Trend Micro has just released a critical update to address this issue and more information is available on the Trend website.

For users running the current version of Webroot (9.0.19.x), no updates are required.

If your organization runs any other antivirus software applications, please check with the manufacturer or contact us for assistance.

And remember, these fixes I’m talking about today are only associated with Microsoft’s operating systems. For Apple, Linux, and other operating systems, contact your respective manufacturer for assistance. And also be sure to check with your hardware manufacturer for almost certain-to-be-released firmware updates and other important related news.

Note: For MicroData clients with Complete, Select, and Business Care service agreements, no action is required on your part. MicroData has already taken all necessary steps for you.


Meltdown and Spectre are recently discovered hardware design flaws in the main processing chip – the CPU – in most modern computers. It turns out this design flaw has actually been present for years but has only recently been identified. These vulnerabilities affect PCs, Macs, desktops, notebooks, tablets, and even smartphones. And if you’re running applications in the Cloud, Cloud Providers that use Intel CPUs are also affected.

This is a big deal because it affects almost every computer and server on your network – Mac or PC. The design flaw, if exploited by specially crafted software, allows stealing of data that is being processed in your computer’s memory. Normally this couldn’t happen as applications and their data are kept isolated from each other, but this hardware bug breaks that isolation.

So if cyber criminals are able to get malicious software running on your computer either via malware or an infected website, they can gain access to your passwords stored in a password manager or browser, your emails, instant messages, and even business-critical documents.

So what to do?

First, if you are a MicroData Complete Care, Select Care, or Private Cloud customer, we’ve already implemented a remediation plan and there’s nothing you will need to do. Taking care of Meltdown and Spectre involves patching and updating all machines on your network and in many cases making modifications to the underlying operating system. These fixes will take some time as some patches won’t be released for several days.

If you’re managing your own security you’ll need to obtain the relevant patches for your operating systems, examine your antivirus software to make sure it will work properly with the patches and modify/update if not, and then apply the updates to all systems.

MicroData has tools that permit company-wide implementation of these patches and required changes, so if you need assistance contact us at 800.924.8167 or at microdata.com.

As always, but particularly until you get these updates applied, be extra vigilant of email links you click on and websites you visit.


Happy New Year! As your Resolution #1, make this the year that you increase the security of Information Technology both at work and at home. And start with your own PC. If you haven’t updated your version of Windows 10 in a while, make sure you do soon. Microsoft recently ended support for early versions of Windows 10 which means you won’t get important security updates and fixes.

To find out which version of Windows 10 you have, enter Settings into the search bar and hit Enter. Select System > About. The version will be listed under Windows Specifications. If you don’t see Version 1709, you need to update your version of Windows.

Microsoft provides a free tool called the Windows 10 Update Assistant that will double check your installed version and take care of any needed upgrades.

If you have any questions or need a hand, contact us and we’ll be glad to assist you.


2017 is finishing with large groups of patches from almost all manufacturers. These bug fixes, if not applied, leave systems vulnerable to exploitation. Unpatched systems are how WannaCry ransomware spread this summer, so take some time to be sure that all your computers, networking peripherals, and Internet-connected devices are patched and updated.

Here are a few highlights:

Linux ‘systemd’ flaw
MacOS High Sierra (quite a few vulnerabilities that Apple has been rushing to fix, including an emergency patch for the vulnerability that allowed the bad guys to log in to Macs as administrators without passwords and let any app gain root privileges). If you’re running High Sierra, don’t wait for an automatic update – initiate a check now.
Intel Management Engine (used in many servers and desktops)
A mass of updates from Adobe including Flash, Acrobat, and Reader
A large grouping (50+) of updates from Microsoft for its various products

If you’re not already using some sort of automated patch management solution from an IT partner with the security expertise to make it work, it’s time to take a look. Manually trying to keep up with all the vendors and issues is pretty much impossible. And if you’re just not sure what to do, contact us and we’ll be glad to give you a hand.


A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.

Users receive a pop-up in their browsers telling them that an update to Adobe’s Flash Player is available. There are two buttons to click: Install and Remind Later. Both do the same thing – install the malware payload on the system. Bad Rabbit then uses a list of known weak passwords and tries to access all found servers and workstations using common accounts such as Administrator, Guest, root, etc. If it gets a match, the ransomware proceeds to encrypt the files on the computer and then replaces the Master Boot Record – effectively bricking the computer. So recovery forces you to purchase two decryption keys. Price is 0.05 Bitcoin or about $275.

There are two takeaways. First, train and remind your users to use complex passwords and change them often. Second, have your users undergo Social Engineering security training.

Contact us if you’d like more information or assistance in keeping your network and data secure.


You need to exercise a new degree of care with social media posts – both personal and corporate. Specifically, you have to watch that you and your users don’t make posts that can enable criminal activity. Let me explain.

You have probably already heard the good advice about not letting newspapers pile up on your front steps when you’re away, but in this era of instant electronic communications, criminals aren’t interested in driving around neighborhoods any longer. They now routinely cruise social media looking for opportunities. Today, an estimated 75% of burglars use social media to find potential targets. So posting those pictures while you’re on vacation or out for the evening isn’t a good idea. Neither is providing details online about that expensive new piece of equipment the company just purchased. Aside from potentially having property stolen, there’s now a new gotcha: insurance companies are now actively using online activity to decide coverage and claims. What’s the basis for doing this? It’s a clause in the insurance contracts known as ‘reasonable care.’ Reasonable care means not doing anything reckless that would make you or your company a target.

So here are some simple guidelines for both personal and corporate social media usage:

Turn off your location. Disable your devices’ GPS unless you’re actively using it, and also turn off location tagging.

Don’t post real-time. Put up pictures after a vacation or the details of the CEO’s Asian trip after they get back.

Check privacy settings. Take some time to investigate what the settings are on your social media accounts. Facebook in particular updates its privacy settings on occasion and many of the defaults are quite open.


All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.

Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.

Many BPC attacks go unnoticed because employees largely ignore the workings of these processes treating them as almost automatic.


A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid-sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’

What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.

As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.

If you’re not sure where to start, MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspects of implementing and managing IT security for your business. Click here to learn more.


Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.

We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.

After only 1 day, here’s a summary of the individual attempts to hack this single system:

USA (106)
Russian Federation (18)
India (17)
China (14)
France (13)

Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
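The block-after-3-failures rule and the per-country tally described above, and in the earlier post about the web server we manage, implemented as an added example (this is illustrative code written for this page, not MicroData’s software). The log lines are constructed in the style of an SSH auth log, and the IP-to-country table is a constructed stand-in for a GeoIP database.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 10 03:12:04 web1 sshd[2102]: Failed password for admin from 203.0.113.7 port 51030 ssh2
Jan 10 03:12:05 web1 sshd[2103]: Failed password for admin from 203.0.113.7 port 51031 ssh2
Jan 10 03:14:10 web1 sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 40212 ssh2
Jan 10 03:14:12 web1 sshd[2111]: Failed password for invalid user oracle from 198.51.100.23 port 40213 ssh2
Jan 10 03:30:44 web1 sshd[2150]: Failed password for invalid user pi from 192.0.2.55 port 39000 ssh2
Jan 10 03:30:46 web1 sshd[2151]: Failed password for invalid user pi from 192.0.2.55 port 39001 ssh2
Jan 10 03:30:47 web1 sshd[2152]: Failed password for root from 192.0.2.55 port 39002 ssh2
Jan 10 03:31:00 web1 sshd[2153]: Failed password for root from 192.0.2.55 port 39003 ssh2
Jan 10 03:40:00 web1 sshd[2160]: Accepted publickey for deploy from 192.0.2.200 port 50000 ssh2
Jan 10 05:00:00 web1 sshd[2170]: Failed password for root from 198.51.100.23 port 40300 ssh2
"""

# Constructed IP -> country map standing in for a GeoIP lookup.
GEO = {
    "203.0.113.7": "China",
    "198.51.100.23": "USA",
    "192.0.2.55": "Brazil",
}

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failed_logins(log_text, year=2018):
    """Return (timestamp, ip, username) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def find_blocks(events, max_failures=3, window=timedelta(minutes=10)):
    """Sliding-window rule: an IP is blocked the moment it reaches
    max_failures failures within `window`. Returns (blocked, suppressed):
    blocked maps ip -> time of block; suppressed counts attempts that
    arrived after the block and would have been dropped at the firewall.
    Failures older than the window are forgotten, so a slow trickle of
    attempts does not accumulate into a block."""
    recent = defaultdict(list)
    blocked = {}
    suppressed = 0
    for ts, ip, _user in sorted(events):
        if ip in blocked:
            suppressed += 1
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_failures:
            blocked[ip] = ts
    return blocked, suppressed


def report(log_text, geo, **rule):
    """Summarise failed logins the way the post does: totals, blocks,
    attempts per country of origin, and the most-tried account names."""
    events = parse_failed_logins(log_text)
    blocked, suppressed = find_blocks(events, **rule)
    return {
        "attempts": len(events),
        "blocked": {ip: geo.get(ip, "Unknown") for ip in blocked},
        "suppressed": suppressed,
        "by_country": Counter(geo.get(ip, "Unknown") for _ts, ip, _u in events),
        "top_users": Counter(u for _ts, _ip, u in events).most_common(3),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG, GEO).items():
        print(f"{key}: {value}")
```

Note that 198.51.100.23 is never blocked: its two early failures fall outside the 10-minute window by the time the third arrives, which is the slow-and-steady pattern a plain threshold rule misses.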

The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.

Invest in good quality security, keep systems and hardware up to date, and monitor everything.

The popular Microsoft Office 365 online service is now being used as bait in a phishing scam to steal your personal data. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with the subject ‘Office 365 billing statement’. The body of the message looks good: there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do, you download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, log in, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.

So what this means is that if you’re an Internet Explorer user this is a really good time to upgrade your browser if you’re still using one of those older versions. How do you check? Open up a browser window and pull down the ‘Help’ menu and choose ‘About Internet Explorer’.

If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point Software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. Cerber is ransomware sold as a service: aspiring cybercriminal affiliates build their own campaigns on the Cerber platform, and the deal is that Cerber’s operators keep 40% of whatever their affiliates collect.

Check Point was able to determine that Cerber had more than 160 active affiliates at current count and that the combined direct sales plus affiliate revenue was almost $200,000 in July alone – and this despite a victim payment rate of only 0.3%.

Doing the math, Cerber is on track to net $2.4 million this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness, but also user training.

If you are a user of GoToMyPC it’s time to change your password. In its blog this Sunday Citrix said that the service was hit by a “very sophisticated password attack.” Citrix is requiring all users to reset their passwords using the ‘Forgot Password’ link.

Citrix didn’t go into detail, but the implication is that a substantial number of accounts were compromised.

And of course if you used the same account/password at other sites you should change it at those sites as well; attackers routinely try credentials stolen from one service against every other popular service.

Attacks against websites continue to grow as cybercriminals exploit security flaws and reused passwords. If you haven’t already, start enabling two-step verification, which many sites now offer. With two-step verification a stolen password alone is not enough: each time you sign on you also enter a unique code sent to your cell phone or email.

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression but growing up, their parents who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? Microsoft built many improvements into the new format, but one huge area of improvement was security. A .docx file cannot carry VBA macros at all; a document that needs them has to be saved with the separate .docm extension (.xlsm for Excel), so a macro-bearing file is visibly different from an ordinary one. A macro is basically a set of self-executing instructions, and the old binary .doc and .xls formats carry macros invisibly. Today many variants of ransomware are spread exactly that way, as macros in infected .doc and .xls attachments. Open one of those in an older Word with macros enabled, click through the prompt, and boom: you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.
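A mail gateway or file-share scanner can check for macros directly, because the container, not the extension, is what carries them: a .docx or .xlsx file is a zip archive of XML parts, and a macro-enabled document adds a vbaProject.bin part and a macroEnabled content type. The Python below is an added example, not code from the original post. It builds two constructed minimal containers (not real Word files, just enough structure for the check), classifies them by what is inside, and treats the legacy binary .doc/.xls formats, which start with the OLE signature, as needing quarantine because their macros cannot be seen from the container alone. It also catches a macro-enabled package that has been renamed to a harmless-looking extension.

```python
import io
import zipfile

OLE_SIGNATURE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}


def build_ooxml(with_macro):
    """Constructed minimal OOXML package for the demo (not a real Word document)."""
    main_type = (MACRO_CONTENT_TYPES[0] if with_macro else
                 "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real VBA project is an OLE compound file; a stub is enough here.
            z.writestr("word/vbaProject.bin", OLE_SIGNATURE + b"\x00" * 16)
    return buf.getvalue()


def classify(data):
    """Inspect the bytes of an Office file; returns (container, macros)."""
    if data.startswith(OLE_SIGNATURE):
        return "legacy-ole", "possible"   # needs OLE stream parsing to know for sure
    if not data.startswith(b"PK"):
        return "unknown", "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            types = ""
            if "[Content_Types].xml" in names:
                types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "unknown", "unknown"
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    macro_type = any(t in types for t in MACRO_CONTENT_TYPES)
    return "ooxml", ("yes" if has_vba or macro_type else "no")


def attachment_verdict(filename, data):
    """Policy: judge by what is inside, and treat an extension that lies as worse."""
    ext = filename.lower()[filename.rfind("."):] if "." in filename else ""
    container, macros = classify(data)
    if container == "ooxml" and macros == "yes":
        if ext in MACRO_EXTENSIONS:
            return "block: macro-enabled document"
        return "block: macros hidden behind a non-macro extension"
    if container == "legacy-ole":
        return "quarantine: legacy binary format, macros cannot be ruled out"
    if container == "unknown":
        return "quarantine: not a recognised Office container"
    return "allow"
```

The two signals are deliberately checked independently: an attacker can strip the macroEnabled content type and Word will still find the vbaProject.bin part, and vice versa, so either one alone is enough to block.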

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

QuickTime on Windows is an Apple product that has been widely used for years to play movie trailers and many Internet media clips.

Last week, Apple announced that it was no longer going to support the product and would not patch two recently identified major vulnerabilities in the software, which can let an attacker run code on your computer if you open a crafted file or web page.

The vulnerabilities are serious enough that the U.S. Department of Homeland Security’s US-CERT has issued an alert telling Windows users to remove the program from their computers. So we’re advising everyone to check whether you have this app on your computer and, if so, uninstall it now.

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts the files on your computer, on any network shares it can reach, and in any cloud folders synced to it, and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically $1,000 or more.

What’s really tricky about Ransomware is that it usually isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legitimate, such as an eFax notice or a Word document; these are called phishing attacks. The attachment is actually the malicious code, and the user opening it is what starts the ransomware.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.

I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.

Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.

The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why the HIPAA Security Rule’s physical safeguards, and the periodic risk assessment it requires, cover the physical security of key data processing equipment.

If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.

This scam is sneaky because the cybercriminals use the exact phrase that PayPal uses when monthly invoices go out. Users receive an email with the subject line ‘Your PayPal Invoice is Ready’ and a body that asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, runs code that encrypts the files on your hard drive (and on any mapped network drive) and demands a ransom in Bitcoin to get them back. Short of restoring the affected system(s) from a backup taken before the infection, there is no way to get the files back without paying.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

Block .zip attachments at your email gateway, or at least open them there and reject any archive that contains an executable or script (what matters is the attachment’s real format, not its file name)

Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service
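The first suggestion is more useful when the gateway looks inside the archive rather than just matching the .zip extension. The Python below is an added example, not code from the original post or from any filtering product: it builds a constructed message modelled on the scam above (example.* domains, a fake executable stub, not a real capture), parses it with the standard library, and flags executables, executables hidden inside archives, nested archives, and password-protected archive members that a scanner cannot read. The archive is identified by its bytes, so renaming invoice.zip to invoice.dat does not get it past the check.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly from a double-click.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                  ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".ps1", ".lnk"}
ARCHIVE_EXT = {".zip"}


def build_message(malicious):
    """Constructed message modelled on the scam in the post; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "service@paypal.example"      # example.* domains, not PayPal's
    msg["To"] = "accounts@victim.example"
    msg["Subject"] = "Your PayPal Invoice is Ready"
    msg.set_content("Please open the attached file to view invoice")
    if malicious:
        zbuf = io.BytesIO()
        with zipfile.ZipFile(zbuf, "w") as z:
            # Double extension: looks like a PDF in a file list that hides .exe
            z.writestr("PayPal_Invoice_0001.pdf.exe", b"MZ" + b"\x90" * 32)  # fake PE stub
        msg.add_attachment(zbuf.getvalue(), maintype="application",
                           subtype="zip", filename="invoice.zip")
    else:
        msg.add_attachment(b"%PDF-1.4\n%fake\n", maintype="application",
                           subtype="pdf", filename="invoice.pdf")
    return bytes(msg)


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_attachments(raw):
    """Return a list of (where, reason) findings for every risky attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _ext(name) in EXECUTABLE_EXT:
            findings.append((name, "executable attachment"))
            continue
        if _ext(name) in ARCHIVE_EXT or data[:2] == b"PK":   # sniff; don't trust the name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as z:
                    for info in z.infolist():
                        where = f"{name}:{info.filename}"
                        if info.flag_bits & 0x1:   # bit 0 = member is encrypted
                            findings.append((where, "encrypted member, cannot be scanned"))
                        elif _ext(info.filename) in EXECUTABLE_EXT:
                            findings.append((where, "executable inside archive"))
                        elif _ext(info.filename) in ARCHIVE_EXT:
                            findings.append((where, "nested archive"))
            except zipfile.BadZipFile:
                findings.append((name, "claims to be an archive but is not"))
    return findings


def verdict(raw):
    """Gateway decision: any finding at all means the message does not reach the user."""
    return "block" if inspect_attachments(raw) else "allow"
```

A password-protected archive is blocked rather than allowed because the password is usually in the message body, exactly so that the user can open what the gateway could not.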

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.

Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall, and a hotspot that requires patrons to use a password is better still. A new trend to watch out for is ‘hotspot fishing’, also known as an ‘evil twin’ access point. The bad guys target an area where there are many people looking for wifi access; an airport is a great example. They set up their own laptop with attack software and broadcast an unsecured wifi hotspot, sometimes named after a nearby store or the airport itself to fool users into thinking it’s safe, then wait for unsuspecting users to connect. Once they do, the operator sits in the middle of every connection: anything sent unencrypted can be read or altered, and a user who clicks past a certificate warning hands over the encrypted traffic too.

Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.

Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.

Use a VPN. A VPN encrypts everything between your laptop and your home or office network, so the hotspot operator sees only an encrypted tunnel. Connect this way whenever you can.

Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to shop online, make sure the site is encrypted: the address begins with ‘https’, the browser shows the padlock, and there is no certificate warning. Never click through a certificate warning on a public hotspot; that is exactly how an interceptor gets at encrypted traffic.

Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention of people coming and going around you especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of tiket_number.zip that, if opened, infects the system with malware. Users should just delete the entire email.

In a nasty new twist, CryptoWall v2 now uses infected ads on dozens of popular sites like Yahoo, AOL, and Match.com to infect computers. The worst part is you don’t even need to click on the ads to become infected. Simply visiting the page with outdated software on your computer can infect your system.

For those of you not familiar with CryptoWall and similar ‘ransomware’ viruses, they work by infecting your computer and then encrypting all your data so you can no longer access it. Then it demands a ransom – $500 in Bitcoin in this case – in order to decrypt it. There is no practical way to decrypt it yourself. You either restore everything from a backup or pay the money.

In this particular case, the ads are infecting computers that have an outdated version of Adobe Flash installed that has a known vulnerability. Flash is used to allow many websites to broadcast video content through Web browsers. This vulnerability is exploited by code in the ads which causes your computer to download and install the virus. This is what we in the industry call a ‘drive-by-download’.

What should you do?

If you have Adobe Flash installed and you’re running Google Chrome, or Internet Explorer on Windows 8 or newer, you’re probably OK: in those browsers Flash is updated automatically (by Chrome itself and by Windows Update respectively), so it has already been patched against this exploit. You should still check that you have the latest version, because some organizations restrict software from being installed automatically. Firefox and other browsers use the separately installed Flash plugin, which has to be updated on its own; and if you don’t actually need Flash, uninstalling it removes the exposure entirely.

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says its servers weren’t breached, and it’s unclear how data in such quantity was obtained – or how much of it is actually valid.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.

As if the events surrounding Robin Williams’ death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line like ‘See Robin Williams’ Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

A new type of ransomware is appearing – mostly in Australia and the UK for now – that targets iPhones and iPads. It doesn’t exploit a bug in the device: the attackers have obtained victims’ iCloud credentials (how is not yet clear, with password reuse from other breaches the likeliest route) and use the legitimate ‘Find My iPhone’ lost-mode feature to lock the devices remotely.

What happens is that suddenly your iPhone or iPad locks itself and displays a message that you’ve been hacked by Oleg Pliss and must pay $100 US/EUR via PayPal to get the device unlocked. A unique iCloud password and two-step verification on your Apple ID are the defense.

In an impressively confident offer, the security awareness training firm KnowBe4 has offered to pay the crypto-ransom if an organization that completes its user training subsequently gets hit by ransomware such as CryptoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and on any network shares you can write to, then demands you pay $500 – $1,000 or you’ll never see it again. Well, now there’s a new threat and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes, and they have a high level of access to files and data. Since ransomware can only encrypt what the logged-in user can write to, the potential damage is much worse than for a lower-level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and its partners never make unsolicited support calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

The implications of the OpenSSL ‘Heartbleed’ bug are pretty serious. In testing by Codenomicon, testers gained access to systems from the outside without leaving a trace and were able to read user names and passwords, messages, emails, and business-critical documents out of server memory.

If your organization has Linux systems or appliances, test them immediately with one of the publicly available checkers. If one is affected, deploy a fixed OpenSSL build ASAP, restart every service that uses it, and reissue its TLS certificates, since the server’s private key may have been read as well.

What do you do as a user? If you can connect to a site or appliance using HTTPS and it is not running on Microsoft Windows (which uses its own TLS stack rather than OpenSSL, though third-party software on Windows can still bundle OpenSSL), consider it vulnerable until proven otherwise. Look for confirmation from the site that it has tested for the vulnerability and either corrected it or verified it isn’t affected. Then change your password there; do it after the site has patched, not before, because a password changed on a still-vulnerable server can be stolen just like the old one.

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on a XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.

You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49

If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.

According to the ATM Industry Association, most ATMs will continue running Windows XP after Microsoft ends support for the OS. I can’t say I’m surprised, even though banks and financial institutions have had years of advance notice of XP’s retirement.

In the US about half of ATMs are run by banks and the other half by independent operators. Upgrading is a significant effort (and cost), which probably explains why so many ATMs are still running XP.

Microsoft has specifically pointed out that the end of XP support means it will become vulnerable to future exploits, but that doesn’t automatically mean that ATMs will become vulnerable overnight. They are ‘closed’ systems that perform a single task, and there are compensating safeguards (network isolation, application whitelisting) that will allow them to keep achieving PCI DSS compliance – for a while.

But PCI compliance as well as several state laws – such as Massachusetts 201 CMR 17 – require that systems have software that’s supported by the manufacturer.

So will there be a security risk? Yes, but it’s not doubling overnight. But minimally the owners of the ATMs you use should have a plan in place for fairly immediate migration of the ATM to newer software standards.

And by the way, this problem extends far beyond ATMs. Most restaurant and retail store point-of-sale terminals also still run on Windows XP.

Facebook users beware of a scam posting about the missing Malaysian Airlines Flight MH370. A posting by cyber crooks is claiming the missing aircraft has been found in the Bermuda triangle and invites users to see video footage by clicking a link on a malicious website.

Unless you’ve been seriously out of contact for a while, you probably already know that Microsoft’s support for Windows XP is ending this spring. But like the April 15 tax deadline, these dates have a way of sneaking up on you and suddenly you realize it’s SOON.

Starting March 8 look for a popup message on your Windows XP computer from Microsoft reminding you that support for XP is ending on April 8.

And to help you out with transferring your old data and settings to a new computer, check out PCmover Express just released by Microsoft in conjunction with Laplink. PCmover Express will copy your files and settings to a new device running Windows 7, 8, or 8.1. Available later this week from windowsxp.com

Just in time for the holidays is yet another email scam. Here’s what to be on the lookout for:

You get an email purportedly from Walmart, Costco, or some other large retailer. The subject line is something intended to fool you into thinking there is a delivery problem with something you may have ordered or a gift that’s coming to you. The subject line is something like “Scheduled Home Delivery Problem” or “Express Delivery Failure”.

The message may have the company logo and an ‘order’ number and has links to check out the order and also to fill out a form to give updated shipping info. Clicking either link infects your computer with malware designed to steal your accounts, passwords, and other sensitive data.

The giveaways that it’s bogus? The message isn’t personally addressed to you (it’s ‘Sir/Madam’ or ‘Dear Customer’), the English is poor, there’s a threat (‘you will get your money back but 17% will be deducted’, for some reason), and if you hover over the links without clicking, you’ll see that they resolve to addresses that have nothing to do with the merchant.
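The hover-over check in the last paragraph, and the ‘never follow a link in a message’ rule from the Office 365 post earlier, can be automated at the gateway. The Python below is an added example, not code from the original post: it pulls every link out of an HTML body, compares the link’s host with the domain the message claims to come from, flags targets that are raw IP addresses or plain http, and catches the classic trick of visible text that looks like the merchant’s URL while the href goes somewhere else. The message body and domains are constructed for the demo (retailer.example stands in for the impersonated retailer), and the registrable-domain helper is a crude two-label approximation; production code should use the public suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body modelled on the delivery-problem scam described above.
# retailer.example stands in for the impersonated merchant; the other hosts are made up.
SAMPLE_HTML = """
<p>Dear Customer,</p>
<p>Your order #48211 could not be delivered.
<a href="http://retailer-delivery-update.example.net/order/48211">Check your order</a>
or update your shipping details at
<a href="http://198.51.100.9/update.php">http://www.retailer.example/shipping</a>.
You will get your money back but 17% will be deducted.</p>
<p><a href="https://www.retailer.example/help">Help center</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain: last two labels. Use the public suffix list in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_links(html, claimed_sender_domain):
    """Return [(href, [reasons])]; an empty reason list means the link looked consistent."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlsplit(href)
        host = target.hostname or ""
        reasons = []
        if target.scheme not in ("http", "https"):
            reasons.append("non-web scheme")
        elif target.scheme == "http":
            reasons.append("not https")
        if host.replace(".", "").isdigit():
            reasons.append("raw IP address")
        if registrable(host) != registrable(claimed_sender_domain):
            reasons.append("link host outside sender domain")
        # Visible text that looks like a URL must point where it says it does.
        if "." in text and " " not in text:
            shown = urlsplit(text if "://" in text else "http://" + text)
            if shown.hostname and registrable(shown.hostname) != registrable(host):
                reasons.append("visible URL differs from target")
        findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_HTML, "retailer.example"):
        print(f"{'OK  ' if not reasons else 'WARN'} {href} {', '.join(reasons)}")
```

Only the genuine help-center link comes back clean; the two scam links are each flagged for more than one reason, which is typical, and is why a single strong signal such as ‘host outside the sender’s domain’ is usually enough to quarantine a message.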

SpiderLabs, a security team that’s part of the security company Trustwave, reports that they have found over 2 million stolen credentials available for sale on the Internet.

Included in the massive collection are credentials from the payroll provider ADP, Facebook, Google, Yahoo, Twitter, and LinkedIn. Most appear to have been stolen with a piece of malware that searches systems for likely looking stored accounts and passwords as well as watching browser activity and recording logins as they occur. The captured info is then sent off to the bad guys for cleanup and ultimate sale.

The most common password? 123456

The malware causing all this havoc would largely be stopped by keeping computers and browsers patched and up to date and, of course, keeping antivirus software current.

If you’re concerned about any of the above accounts you use, this might be a good time to change those passwords.

Keep your organization’s and personal computers updated, and please ask your users to come up with passwords that at least make it a bit harder for the thieves. Length matters more than clever symbol substitution: aim for at least 12 characters, use a different password for every site so one stolen login doesn’t open the others, and let a password manager do the remembering.

It’s the season for holly and mistletoe, but unfortunately that means that the scammers are working overtime. They know that a record amount of shopping is being done online this year (and especially this Cyber Week) – and a lot of it is being done at work – so they are trying hard to infect computer systems and steal info.

How is it being done? Mostly by offering incredible sounding deals in an email message that when clicked, take you to a completely fraudulent website whose purpose is to get you to type in that credit card info or to infect your computer with malware.

So tell your users to stop and think. If they see a deal for a 60″ LED flatscreen TV for $299 from a vendor you’ve never heard of, stay away!

And these ‘deals’ are coming via social media and on mobile devices too.

So warn your users. And as the old saying goes, if it sounds too good to be true, it probably is.

As most of our readers know from a post we did about a month ago, Adobe’s systems were hacked and the bad guys essentially got away with whatever info they wanted. Early reports estimated that up to 38 million accounts and passwords were stolen. Well, that’s been revised upward – a lot.

The stolen data has now appeared for sale online and from that info it’s now pretty certain that upward of 150 million accounts were compromised.